22.3 About IPA

IPA allows you to set up a domain controller for DNS, Kerberos, and authorization policies
as an alternative to Active Directory Services. You can enrol client machines with an IPA
domain so that they can access information for single sign-on authentication. IPA combines the
capabilities of existing well-known technologies such as certificate services, DNS, LDAP,
Kerberos, LDAP, and NTP.

22.3.1 Configuring IPA

To be able to configure IPA authentication, use yum to install the
ipa-client and ipa-admintools packages.

If you use the Authentication Configuration GUI and select IPA v2 as the user account
database, you are prompted to enter the names of the IPA domain, realm, and server. You can
also select to configure NTP so that the system time is consistent with the IPA server. If
you have initialized Kerberos, you can click Join Domain to
create a machine account on the IPA server and grant permission to join the domain.